diff --git a/src/index.ts b/src/index.ts
index 086caf8..f5239e9 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -142,12 +142,8 @@ function start() {
 const hashContents = hash.slice(1); // drop leading '#' from hash
 const hashQueryString = new URLSearchParams(hashContents);
- const {
- suspectHref,
- suspectHostnameUnicode,
- suspectHrefUnicode,
- suspectOrigin,
- } = getSuspect(hashQueryString.get('href'));
+ const { suspectHref, suspectHostnameUnicode, suspectHrefUnicode } =
+ getSuspect(hashQueryString.get('href'));
 const suspectLink = document.getElementById('suspect-link');
 if (!suspectLink) {
@@ -182,7 +178,7 @@ function start() {
 phishingSafelistStream.write({
 jsonrpc: '2.0',
 method: 'safelistPhishingDomain',
- params: [suspectOrigin],
+ params: [suspectHref],
 id: createRandomId(),
 });
diff --git a/tests/bypass.spec.ts b/tests/bypass.spec.ts
index 65df2e4..ec58ac4 100644
--- a/tests/bypass.spec.ts
+++ b/tests/bypass.spec.ts
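Review bot: At `params: [suspectHref]` in the second hunk, the safelist request now carries the whole URL from the page's `href` hash parameter, query string and fragment included, where it used to carry only the origin. That hash is set by whoever builds the link to this warning page, and query strings often hold session or reset tokens, so the value written to `phishingSafelistStream` is wider than a path-scoped allow entry needs; what the receiver stores for `safelistPhishingDomain` is not visible here. If path-level matching is the goal, consider dropping search and fragment before sending, e.g. `const u = new URL(suspectHref); u.search = ''; u.hash = '';` and then `params: [u.href]`. The third new test in tests/bypass.spec.ts pins the query and fragment being forwarded verbatim and would need to change with it. The body of start() extends beyond this hunk, so any validation inside getSuspect is assumed rather than seen.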
@@ -24,7 +24,56 @@ test('allows the user to bypass the warning and add the site origin to the allow
 id: expect.any(Number),
 jsonrpc: '2.0',
 method: 'safelistPhishingDomain',
- params: ['https://test.com'],
+ params: ['https://test.com/'],
+ },
+ name: 'metamask-phishing-safelist',
+ });
+});
+
+test('allows the user to bypass the warning with URL path and sends full href', async ({
+ page,
+}) => {
+ const postMessageLogs = await setupStreamInitialization(page);
+ const testUrl = 'https://test-phishing-domain.invalid/path';
+ const hashParams = new URLSearchParams({
+ href: testUrl,
+ });
+
+ await page.goto(`/#${hashParams}`);
+ await page.locator('css=#unsafe-continue').click();
+
+ await expect(postMessageLogs.length).toBe(1);
+ await expect(postMessageLogs[0].message).toStrictEqual({
+ data: {
+ id: expect.any(Number),
+ jsonrpc: '2.0',
+ method: 'safelistPhishingDomain',
+ params: [testUrl],
+ },
+ name: 'metamask-phishing-safelist',
+ });
+});
+
+test('allows bypass with complex URL including query parameters and fragments', async ({
+ page,
+}) => {
+ const postMessageLogs = await setupStreamInitialization(page);
+ const complexUrl =
+ 'https://test-complex.invalid/path?param=value&other=test#section';
+ const hashParams = new URLSearchParams({
+ href: complexUrl,
+ });
+
+ await page.goto(`/#${hashParams}`);
+ await page.locator('css=#unsafe-continue').click();
+
+ await expect(postMessageLogs.length).toBe(1);
+ await expect(postMessageLogs[0].message).toStrictEqual({
+ data: {
+ id: expect.any(Number),
+ jsonrpc: '2.0',
+ method: 'safelistPhishingDomain',
+ params: [complexUrl],
 },
 name: 'metamask-phishing-safelist',
 });
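Review bot: All three cases in this hunk feed a well-formed https URL, so nothing pins what `safelistPhishingDomain` receives when the `href` hash parameter is absent, unparseable, or not http(s). That boundary matters more now that the full href is forwarded: if the old `suspectOrigin` came from `URL.origin`, it collapsed to the string `null` for schemes such as `data:`, whereas an href passes through whole unless getSuspect (not visible in this diff) rejects it. A negative case that clicks `#unsafe-continue` with such a value and asserts `expect(postMessageLogs.length).toBe(0)`, or whatever getSuspect's contract actually is, would document the intended behaviour. The first test's title in the hunk header still says "site origin" although it now expects `https://test.com/`.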